Storage of digital data

ABSTRACT

A device for locating a DES key value that corresponds to a packet identification (PID) contained at a variable possible location which comprises part only of a 32-bit packet header. A table stored in memory contains for each DES key: (i) a packet header having 32 bits with a PID of either 12, 9 or 8 bits contained at a defined location and with zero values elsewhere, and (ii) a mask value also having 32 bits with ones contained at the said defined location of the PID and zeros elsewhere. The table is divided into regions for respective packet format types. An incoming packet header at an input is combined with a first one of the mask values from the table to provide a combined value that consists of the value held in the input packet header at the defined location and zeros elsewhere. This combined value is compared with the corresponding packet header stored in the table. When they are not equal, the combining and comparison is repeated for the next row of the table. When they are equal, the corresponding DES key value is read from the table and provided as an output. The system can cope with variable PID formats within the packet header without alteration to the hardware but merely with re-programming of the table contents.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to the storage and processing of digital data,and particularly, though not exclusively, to the storage and processingof encryption and decryption keys associated with programidentifications in a packet-based digital video storage system using thewell-known DES data encryption standard for encryption of the storeddata.

2. Description of the Related Art

With the increasing speed and capacity of hard disk drives and theincreasing effectiveness of data compression schemes, it has becomepossible to contemplate the real-time storage of digital video signalsat broadcast television standards. When the television signal to bestored is derived from a conditional-access (or subscription) channel,it is desired that the signal will automatically be encrypted when it iswritten to the disk to reduce the likelihood of it being copied and madeavailable to non-subscription payers. One proposal is to encrypt thesignal using the DES standard operating with 56 bit keys. In fact theDES standard specifies a 56-bit key with 8 parity bits, giving 64 bitsin all.

The video signal in digital form is provided in packetized format. Eachpacket will typically consist of a header containing a number of framingbits, an information section containing specified information, and apayload containing a portion of the signal itself. The informationsection includes a program identification (PID) as part of its contents.This identifies the program being transmitted, or a portion of it, asthere, in fact, may be several PIDs used in a single program. The PID isused, amongst other things, to select which of a plurality ofpredetermined DES keys are used in the DES encryption process in orderto encrypt the data for storage on the hard disk. The header is recordedon the hard disk unencrypted. On replay, the PID in the header is againused to determine which keys are required for the decryption operation.For convenience the word “cryption” will be used to refer to either theencryption operation or the decryption operation, as the case may be.

Unfortunately, many different standards exist for the detailed format ofthe packet structure. One packet format used is DVB (digital videobroadcasting), and another is DSS (direct satellite system) transportstream. In DVB transport streams, the packet length is 188 bytes (1504bits). The packet header is 4 bytes long, consisting of a framingsequence that is 8 bits (or one byte) long, and an information sectionthat is 24 bits (or 3 bytes) long. The PID is 12 bits long and islocated in bits 11 to 22 of the packet header. For more informationconcerning the packet format in the DVB scheme, reference may be madeISO/IEC-13818.

DSS transport stream packets are 130 bytes long with a two-byte packetheader. DSS transport streams are a proprietary DirecTV format. Both DVBand DSS streams can be demultiplexed to give a PES (packetizedelementary stream). In this the packets and headers may be of variablelength and format. The PES equivalent of a PID is usually located inbits 13 to 20 of the packet header.

For more information concerning the packet format in the PES scheme,reference may be made to ISO/IEC-13818.

In each case, in order to determine the keys to be used in the DEScryption operation, a two-fold operation is required. As a first step,the PID must be identified from the header. The PID will be located inone of three different places, depending upon whether the data comprisesDVB or DSS transport packets or PES packets. A different search schemefor locating the PID is therefore required depending on which of thethree packet types is being used. The second step in the operation isthen to search a table which contains all the allowable PIDs andassociated with each of them the appropriate DES cryption keys. In thisway the required keys are obtained.

BRIEF SUMMARY OF THE INVENTION

The process described can be simplified and thus speeded up by choosingto store the PID/key correspondences in a special format. Furthermore,the system is of wider application and would permit the readyintroduction of new formats.

The embodiments of the invention pertain to a digital apparatus andmethod for locating, for a packet identification (PID) contained at avariable possible location which comprises part only of a packet headerof up to 32 bits in length, a corresponding DES key value. A tablestored in memory contains for each DES key (i) a packet headercomprising 32 bits with a possible PID of e.g., 12, 8 or 9 bitscontained at a defined location and with zero values elsewhere, and (ii)a mask value also comprising 32 bits with ones contained at the saiddefined location of the PID and zeros elsewhere. An incoming packetheader at an input is combined with a first one of the mask values fromthe table so as to provide a combined value which consists of the valueheld in the input packet header at the defined location and zeroselsewhere. This combined value is compared with the corresponding packetheader stored in the table. If they are not equal, the combining andcomparison is repeated for the next row of the table. If they are equal,the corresponding DES key value is read from the table and provided asan output. The system can cope with variable PID formats within thepacket header without alteration to the hardware but merely withre-programming of the table contents.

The table may be divided into regions so that if the type of packetformat being received is known, only the corresponding region of thetable needs to be searched.

Thus there may be a region for DVB packets, a region for DSS packets,and a region for PES packets.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The embodiments of the invention will now be described in more detail,by way of example, with reference to the accompanying drawings, inwhich:

FIG. 1 shows a table containing a mask, a header, and the correspondingDES key; and

FIG. 2 is a block diagram of apparatus for searching the table to locatethe DES key which is appropriate for the header of an incoming packet.

DETAILED DESCRIPTION OF THE INVENTION

The figures illustrate a storage and search system that receivesincoming packets with a 32-bit header that contains a packetidentification (PID) in one of three possible locations and determinesthe appropriate DES cryption key for that packet from its PID. Thesystem is used in writing digital video to and reading it from an EIDEhard disk drive.

Referring first to FIG. 1, there is illustrated a table 10 whichcontains the required DES keys 12. Hitherto, associated with each DESkey would be a PID typically of 12, 8 or 9 bits. As shown in FIG. 1,however, associated with each key is a header 14 comprising up to 32bits and a mask 16 also comprising 32 bits. In FIG. 1, for reasons ofspace the full number of bits is not shown and they are in arbitrary butnevertheless illustrative positions.

The 32 bits forming the entry in the mask column for each DES keycomprise a predetermined number of zeros and a predetermined number ofones. There are ones at the bit locations occupied by the PID in a32-bit packet header. Thus if in the DVB system the PID is constitutedby the 12 bits 11 to 22 of the header, then in the mask 16 bits 0 to 10and 23 to 31 will all be zeros and bits 11 to 22 will all be ones. If inthe DSS system the PID is constituted by the 9 bits 7 to 15 of theheader, then in the mask 16 bits 0 to 6 and 16 to 31 will all be zerosand bits 7 to 15 will all be ones. Equally, if in the PES system the PIDis constituted by the 8 bits 13 to 20 of the header, then in the mask 16bits 0 to 12 and 21 to 31 will all be zeros and bits 13 to 20 will allbe ones. Different lines in the table can thus correspond not only todifferent PIDs but also to different packet formats.

Provision is preferably also made to divide the table into three regions18 a, 18 b, 18 c, and to select a region to be searched by the PIDmatching apparatus. This allows multiple transport stream formats to besimultaneously supported without having to reprogram the entire keytable.

The same PID may then be used by more than one transport stream,requiring the retrieval of multiple keys for the same PID. Multipletransport streams of the same format can be simultaneously supported bystoring the data associated with each stream in a different region.

The header column 14 in the table is arranged so that in the bitpositions for which the mask column contains zeros the header columnalso contains zeros. In the bit positions for which the mask columncontains ones, the header column contains the PID to which the DES keyon that line of the table corresponds. Different rows in the tablecorrespond to different PIDs and different header formats. That is, onlya single table is required although there are three possible formats forthe header, optionally divided into three regions.

The digital apparatus 20 for searching the table is shown in block formin FIG. 2. The apparatus includes an input 22 for receiving incomingpackets. The packets may be of DVB, DSS or PES format, but all contain aPID in a specified location in the packet header. A circuit 24 locatesand identifies this header, and passes it to a first input of acombining circuit 26.

A table 10 of the type illustrated in FIG. 1 is stored in memory. A readcircuit 28 is arranged to read the mask entry for a row i, a readcircuit 30 is arranged to read the header entry for the same row i, anda read circuit 32 is arranged to read the DES key entry for the same rowi. The value of i is set in an i register 34, which is initially resetto the beginning of the selected region (or to one if the table is notdivided into regions) and then incremented stepwise by 1 as describedbelow. The output of the read mask circuit 28 is applied to the secondinput of the combining circuit 26.

The output of the combining circuit 26 is applied to a first input of acomparator 36 which receives the output of the read header circuit 30 atits second input. The comparator 36 has two outputs. When the values atits first and second inputs are not equal, it applies an output to the iregister 34 to increment the value of i by one. When the values at itsfirst and second inputs are equal, the comparator 36 applies an enablingoutput to the read DES key circuit 32 to cause the circuit 32 to readthe key for that row of the table and apply it as an output value to anoutput 38 of the apparatus.

The operation of the apparatus of FIG. 2 will now be described. When anew packet is received at the input 22 its packet header is identifiedand held in the header identification circuit 24. If the header is lessthan 32 bits, the bits subsequent to the header in the circuit 24 areset to zero. The value of i held in the i register 34 is reset to thebeginning of the selected region of the table, and the incoming headeris then checked against the first row in that region of the table 10.This takes place as follows. First, the incoming 32-bit header iscombined in the combining circuit or combiner 26 with the mask from thefirst row of the table. The combining operation is a bitwisemultiplication, equivalent to an AND operation, which provides an outputof one when both the mask bit and the incoming header bit are ones andotherwise provides an output of zero. The effect of this is to ‘cut’ outof the header the bits which should contain the PID and set all theother bits to zero.

The 32-bit resultant of this operation is then compared in comparator 36with the corresponding 32-bit entry in the header column of the table.If the incoming PID does not correspond to the PID stored in the headerentry for that row, then the comparator 36 increments the value of i byone and the operation is repeated for the next row of the table. Theincoming header is now combined with the mask in the next row of thetable and the resultant compared with the header stored in that row.

This operation continues until such time as the output of the combiningcircuit 26 is the same as the header read from the table. When thishappens it means that the current row of the table contains the PIDcorresponding to the incoming packet header, in the correct position inthe header, and thus the DES key held in that row of the table is theDES key required for cryption of that incoming packet. The comparator 36accordingly now instructs the read circuit 32 to output the DES key tothe output 38.

The apparatus then can process the packet header of the next inputpacket.

If the end of the selected region of the table (or the end of the tableas a whole) is reached without a match being found, then an errorcondition is present and an appropriate output provided.

It will be seen from the description that a two-stage operation of firstidentifying the PID in one of two locations in the incoming header andthen looking up the thus-located PID in a table is simplified. Thesystem can cope with PIDs of different lengths. Not only that, but thesystem does not need extensive re-programming in order to accommodatepossible future packet types in which the PID is located in yet anotherposition. All that is necessary is to define a region of the table inwhich the ones in the mask column of the table are positionedaccordingly. In this way multiple search types can be performed with thesame apparatus.

In information terms the table contains a degree of redundancy in thatthe zero of each mask value are all repeated in the header value for thesame row of the table, and successive mask values in the same region ofthe table are identical. However, the introduction of this redundancy,requiring a larger table than would otherwise be the case, enables theprocessing to be carried out in a more efficient way.

The apparatus has been illustrated in hardware form, but much, if notall of the circuit can be implemented, if desired, in software. In thiscase FIG. 2 should be regarded as being in the nature of a flowchart.

Many modifications may be made to the apparatus and method illustrated.For example, the mask values can be stored separately, one for eachregion of the table, rather than in the table itself. The appropriatemask value is selected in the same way as the appropriate region of thetable is selected, in accordance with the known incoming packet formattype. In particular the system can be used for purposes other than theretrieval of keys for writing video packets to and reading them from ahard disk.

All of the U.S. patents, U.S. patent application publications, U.S.patent applications, foreign patents, foreign patent applications andnon-patent publications referred to in this specification and/or listedin the Application Data Sheet, are incorporated herein by reference, intheir entirety.

From the foregoing it will be appreciated that, although specificembodiments of the invention have been described herein for purposes ofillustration, various modifications may be made without deviating fromthe spirit and scope of the invention. Accordingly, the invention is notlimited except as by the appended claims, and the equivalents thereof.

1. A digital apparatus for locating, for a PID contained at a variable location which has part only of a packet header consisting of a predetermined number of input bits, a corresponding DES key value, said apparatus comprising: (a) table storing means for storing a table containing, for each DES key value, a packet header comprising said predetermined number of bits with a possible PID contained at a defined location and with zero values elsewhere; (b) mask value storing means for storing mask values each comprising said same predetermined number of bits as said packet headers with ones contained at said defined location and with zero values elsewhere; (c) an input for receiving an input packet header comprising said predetermined number of bits; (d) combining means coupled to said mask value storing means and said input to combine said input packet header and one of said mask values so as to provide a combined value consisting of said value held in said input packet header at said defined location and zeros elsewhere; and (e) comparing means coupled to said table storing means and said combining means for comparing said combined value and one of said packet headers stored in said table and, (i) when they are not equal, repeating said operations of said combining means and said comparing means for said next packet header (if any) stored in said table, and (ii) when they are equal, reading said corresponding DES key value from said table and providing it as an output value.
 2. The apparatus of claim 1, in which said mask value storing means and said table storing means constitute a unitary table containing, for each DES key value, a packet header and a mask value.
 3. The apparatus of claim 1, in which said table is divided into regions, each region corresponding to a respective packet header format.
 4. A digital apparatus for locating, for a first value contained at a variable location which comprises part only of a second value consisting of a predetermined number of input bits, a corresponding third value, said apparatus comprising: (a) table storing means for storing a table containing, for each third value, a second value comprising said predetermined number of bits with a possible first value contained at a defined location and with zero values elsewhere; (b) fourth value storing means for storing fourth values each comprising said same predetermined number of bits as said second values with ones contained at said defined location and zero values elsewhere; (c) an input for receiving an input second value comprising said predetermined number of bits; (d) combining means coupled to said fourth value storing means and said input to combine said input second value and one of said fourth values so as to provide a combined value consisting of said value held in said input second value at said defined location and zeros elsewhere; and (e) comparing means coupled to said table storing means and said combining means for comparing said combined value and one of said second values stored in said table and, (i) when they are not equal, repeating said operations of said combining means and said comparing means for said next second value (if any) stored in said table, and (ii) when they are equal, reading said corresponding third value from said table and providing it as an output value.
 5. The apparatus of claim 4, in which said fourth value storing means and said table storing means constitute a unitary table containing, for each third value, a second value and a fourth value.
 6. The apparatus of claim 4, in which said table is divided into regions, each region corresponding to a respective format for said second value.
 7. A digital method for locating, for a PID contained at a variable location which comprises part only of a packet header consisting of a predetermined number of input bits, a corresponding DES key value, said method comprising the steps of: (a) storing a table containing, for each DES key value, a packet header comprising said predetermined number of bits with a possible PID contained at a defined location and with zero values elsewhere; (b) storing mask values each comprising said same predetermined number of bits as said packet headers with ones contained at said defined location and with zero values elsewhere; (c) receiving an input packet header comprising said predetermined number of bits; (d) combining said input packet header and one of said mask values so as to provide a combined value consisting of said value held in said input packet header at said defined location and zeros elsewhere; and (e) comparing said combined value and one of said packet headers stored in said table and, (i) when they are not equal, repeating said combining and said comparing operations for said next packet header (if any) stored in said table, and (ii) when they are equal, reading said corresponding DES key value from said table and providing it as an output value.
 8. The method of claim 7, in which mask values are stored in said same table as said DES keys and said packet headers.
 9. The method of claim 7, in which said table is divided into regions, each region corresponding to a respective packet header format.
 10. A digital method for locating, for a first value contained at a variable location which comprises part only of a second value consisting of a predetermined number of input bits, a corresponding third value, said method comprising the steps of: (a) storing a table containing, for each third value, a second value comprising said predetermined number of bits with a possible first value contained at a defined location and with zero values elsewhere; (b) storing fourth values each comprising said same predetermined number of bits as said second values with ones contained at said defined location and zero values elsewhere; (c) receiving an input second value comprising said predetermined number of bits; (d) combining said input second value and one of said fourth values so as to provide a combined value consisting of said value held in said input second value at said defined location and zeros elsewhere; and (e) comparing said combined value and one of said second values stored in said table and, (i) when they are not equal, repeating said operations of said combining means and said comparing means for said next second value (if any) stored in said table, and (ii) when they are equal, reading said corresponding third value from said table and providing it as an output value.
 11. The method of claim 10, in which said fourth values are stored in said same table as said third values and said second values.
 12. The method of claim 10, in which said table is divided into regions, each region corresponding to a respective format for said second value.
 13. A digital apparatus for locating, for a PID contained at a variable location which comprises part only of a packet header consisting of a predetermined number of input bits, a corresponding DES key value, said apparatus comprising: (a) a table store for storing a table containing, for each DES key value, a packet header comprising said predetermined number of bits with a possible PID contained at a defined location and with zero values elsewhere; (b) a mask value store for storing mask values each comprising said same predetermined number of bits as said packet headers with ones contained at said defined location and with zero values elsewhere; (c) an input for receiving an input packet header comprising said predetermined number of bits; (d) a combiner coupled to said mask value store and said input to combine said input packet header and one of said mask values so as to provide a combined value consisting of said value held in said input packet header at said defined location and zeros elsewhere; and (e) a comparator coupled to said table store and said combiner for comparing said combined value and one of said packet headers stored in said table and, (i) when they are not equal, repeating said operations of said combiner and said comparator for said next packet header (if any) stored in said table, and (ii) when they are equal, reading said corresponding DES key value from said table and providing it as an output value.
 14. The apparatus of claim 13, in which said mask value store and said table store constitute a unitary table containing, for each DES key value, a packet header and a mask value.
 15. The apparatus of claim 13, in which said table is divided into regions, each region corresponding to a respective packet header format.
 16. The apparatus of claim 14, in which said table is divided into regions, each region corresponding to a respective packet header format.
 17. A digital apparatus for locating, for a first value contained at a variable location which comprises part only of a second value consisting of a predetermined number of input bits, a corresponding third value, said apparatus comprising: (a) a table store for storing a table containing, for each third value, a second value comprising said predetermined number of bits with a possible first value contained at a defined location and with zero values elsewhere; (b) a fourth value store for storing fourth values each comprising said same predetermined number of bits as said second values with ones contained at said defined location and zero values elsewhere; (c) an input for receiving an input second value comprising said predetermined number of bits; (d) a combiner coupled to said fourth value store and said input to combine said input second value and one of said fourth values so as to provide a combined value consisting of said value held in said input second value at said defined location and zeros elsewhere; and (e) a comparator coupled to said table store and said combiner for comparing said combined value and one of said second values stored in said table and, (i) when they are not equal, repeating said operations of said combiner and said comparator for said next second value (if any) stored in said table, and (ii) when they are equal, reading said corresponding third value from said table and providing it as an output value.
 18. The apparatus of claim 17, in which said fourth value store and said table store constitute a unitary table containing, for each third value, a second value and a fourth value.
 19. The apparatus of claim 17, in which said table is divided into regions, each region corresponding to a respective format for said second value.
 20. The apparatus of claim 18, in which said table is divided into regions, each region corresponding to a respective format for said second value.
 21. A device for locating a DES key value, comprising: a memory table configured to store a predetermined number of mask bits, PID header bits, and corresponding DES key bits; a header identifier circuit coupled to an input and configured to receive an input packet having PID header bits; a compare circuit configured to compare the PID header bits in the input packet with the PID header bits stored in the memory table, and when the PID header bits stored in the memory table are not equal with the PID header bits in the input packet, repeatedly reading the next PID header bits stored in the memory table and comparing the PID header bits from the memory table with the PID header bits in the input packet until the PID header bits are equal; and a DES key read circuit coupled to the memory table and configured to read from the memory table DES key bits and output the DES key bits corresponding to the PID header bits in the memory that are equal to the input packet PID header bits.
 22. A device for locating a DES key value, comprising: a memory table configured to store a predetermined number of mask bits, PID header bits, and corresponding DES key bits; a header identifier circuit coupled to an input and configured to receive an input packet having PID header bits; a combined circuit configured to receive the input packet and the mask bits and to output the PID header bits; a compare circuit configured to compare the PID header bits in the input packet with the PID header bits stored in the memory table, and when the PID header bits stored in the memory table are not equal with the PID header bits in the input packet, repeatedly reading the next PID header bits stored in the memory table and comparing the PID header bits from the memory table with the PID header bits in the input packet until the PID header bits are equal; and a DES key read circuit coupled to the memory table and configured to read from the memory table DES key bits and output the DES key bits corresponding to the PID header bits that are equal to the input packet PID header bits.
 23. A digital apparatus for locating a DES key value, comprising: a memory table configured to store mask bits, PID header bits, and corresponding DES key values; a header identifier circuit coupled to an input and configured to receive an input packet having PID header bits; a read mask circuit coupled to the memory table and configured to read the mask bits; a read header circuit coupled to the memory table and configured to read the PID header bits; a read DES key circuit coupled to the memory table and configured to read the DES key bits; a combined circuit coupled to the header identifier circuit and the read mask circuit and configured to combine the mask bits with the input packet and to output the PID header bits; a comparison circuit coupled to the combined circuit and to the read header circuit and configured to compare the PID header bits from the input packet with the PID header bits from the memory table and, when the two PID header bits are not equal, to repeatedly read PID header bits from the memory table and compare the same to the PID header bits from the input packet, and when the PID header bits are equal, to enable the read DES key circuit to read the corresponding DES key bits and to output the same.
 24. A method of locating a DES key value, comparing: reading an input packet and combining bits stored in the input packet with a read mask stored in a memory table and outputting PID header bits; comparing the PID header bits from the input packet with PID header bits read from a memory table and, when the PID header bits are not equal, repeatedly reading PID header bits from the memory table and comparing the PID header bits read from the memory table to the PID header bits from the input packet until the PID header bits are equal, at which time the corresponding DES key bits from the memory table are read and generated on an output. 